Recommended Actions show a list of Adaptive Responses to an analyst, which are possible actions that can be taken in response to a notable event. Adaptive Response Actions run automatically when a correlation search triggers a notable event, and can perform actions such as sending an email, adding a comment, or modifying a risk score. Recommended Actions are configured in the correlation search editor, while Adaptive Response Actions are configured in the alert actions manager. References =
Included adaptive response actions with Splunk Enterprise Security
Set up Adaptive Response actions in Splunk Enterprise Security
Configure adaptive response actions for a correlation search in Splunk Enterprise Security
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit